[Bug 1803718] [NEW] RPC helper segfault - Ubuntu 18.04LTS
Aidan Walton
aidan.walton at gmail.com
Fri Nov 16 14:18:12 UTC 2018
Public bug reported:
I created a very simple RPC helper configuration as described in
http://conntrack-tools.netfilter.org/manual.html
After starting conntrackd, the ct_helper.so causes a segmentation fault as soon as a packet hits the -j CT target in iptables.
conntrackd crashes ungracefully with lock files preventing restart.
conntrackd config:
# Default debian config. Please, take a look at conntrackd.conf(5)
General {
HashSize 8192
HashLimit 65535
Syslog on
LockFile /var/lock/conntrackd.lock
UNIX {
Path /var/run/conntrackd.sock
Backlog 20
}
SocketBufferSize 262142
SocketBufferSizeMaxGrown 655355
# default debian service unit file is of Type=notify
Systemd on
}
Stats {
LogFile on
}
Helper {
Type rpc inet udp {
QueueNum 1
QueueLen 10240
Policy rpc {
ExpectMax 1
ExpectTimeout 300
}
}
Type rpc inet tcp {
QueueNum 2
QueueLen 10240
Policy rpc {
ExpectMax 1
ExpectTimeout 300
}
}
}
nfct list helper
{
.name = rpc,
.queuenum = 2,
.l3protonum = 2,
.l4protonum = 6,
.priv_data_len = 0,
.status = enabled,
};
{
.name = rpc,
.queuenum = 1,
.l3protonum = 2,
.l4protonum = 17,
.priv_data_len = 0,
.status = enabled,
};
iptables rule:
-A OUTPUT -d 10.0.0.0/24 -p udp -m udp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc
-A OUTPUT -d 10.0.0.0/24 -p tcp -m tcp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc
syslog:
Nov 16 15:06:54 mx systemd[1]: Started Conntrack Daemon.
Nov 16 15:06:54 mx conntrack-tools[17623]: netlink event socket buffer size has been set to 262142 bytes
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=2 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=1 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: initialization completed
Nov 16 15:06:54 mx conntrack-tools[17623]: -- starting in console mode --
Nov 16 15:07:12 mx kernel: [73016.216826] conntrackd[17623]: segfault at 4 ip 00007f7a25091eab sp 00007ffee3341cb0 error 6 in ct_helper_rpc.so[7f7a25091000+2000]
** Affects: conntrack-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to conntrack-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1803718
Title:
RPC helper segfault - Ubuntu 18.04LTS
Status in conntrack-tools package in Ubuntu:
New
Bug description:
I created a very simple RPC helper configuration as described in
http://conntrack-tools.netfilter.org/manual.html
After starting conntrackd, the ct_helper.so causes a segmentation fault as soon as a packet hits the -j CT target in iptables.
conntrackd crashes ungracefully with lock files preventing restart.
conntrackd config:
# Default debian config. Please, take a look at conntrackd.conf(5)
General {
HashSize 8192
HashLimit 65535
Syslog on
LockFile /var/lock/conntrackd.lock
UNIX {
Path /var/run/conntrackd.sock
Backlog 20
}
SocketBufferSize 262142
SocketBufferSizeMaxGrown 655355
# default debian service unit file is of Type=notify
Systemd on
}
Stats {
LogFile on
}
Helper {
Type rpc inet udp {
QueueNum 1
QueueLen 10240
Policy rpc {
ExpectMax 1
ExpectTimeout 300
}
}
Type rpc inet tcp {
QueueNum 2
QueueLen 10240
Policy rpc {
ExpectMax 1
ExpectTimeout 300
}
}
}
nfct list helper
{
.name = rpc,
.queuenum = 2,
.l3protonum = 2,
.l4protonum = 6,
.priv_data_len = 0,
.status = enabled,
};
{
.name = rpc,
.queuenum = 1,
.l3protonum = 2,
.l4protonum = 17,
.priv_data_len = 0,
.status = enabled,
};
iptables rule:
-A OUTPUT -d 10.0.0.0/24 -p udp -m udp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc
-A OUTPUT -d 10.0.0.0/24 -p tcp -m tcp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc
syslog:
Nov 16 15:06:54 mx systemd[1]: Started Conntrack Daemon.
Nov 16 15:06:54 mx conntrack-tools[17623]: netlink event socket buffer size has been set to 262142 bytes
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=2 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=1 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: initialization completed
Nov 16 15:06:54 mx conntrack-tools[17623]: -- starting in console mode --
Nov 16 15:07:12 mx kernel: [73016.216826] conntrackd[17623]: segfault at 4 ip 00007f7a25091eab sp 00007ffee3341cb0 error 6 in ct_helper_rpc.so[7f7a25091000+2000]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/conntrack-tools/+bug/1803718/+subscriptions
More information about the foundations-bugs
mailing list